TECH AND SOLVE S.A.S., identified with the NIT 900.224.316-9, acting in its capacity as responsible for the processing of personal data collected by virtue of the development of the corporate purpose and respectful of the legal system and individual rights, adopts this Personal Data Processing Policy in order to establish the guidelines to ensure the right to Habeas Data of all those natural persons belonging to the databases of the company.
Legal Context
The processing of personal data is done in compliance with the Statutory Law on Data Protection (Law 1581 of 2012), more specifically Articles 17 literal k) and 18 literal f), Articles 15 and 20 of the Political Constitution of Colombia and Article 13 of Law 1377 of 2013, by which the previous Law is regulated.
2. Concepts
The concepts defined below are in their essence those contained in Decree 1377 of 2013 in its third article.
Authorization: Prior, express and informed consent of the Data Subject to carry out the processing of personal data.
Data subject: Natural person whose personal data is the object of processing.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
✓ Database: Organized set of personal data that are subject to processing.
Public data: Data that is not semi-private, private or sensitive. Data related to the marital status of individuals, their profession or trade and their status as merchants or public servants, among others, are considered public data. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.
Private Data: Data that due to its intimate or reserved nature is only relevant to the owner.
✓ Sensitive data: Sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life, and biometric data.
Personal data: Any information linked or that can be associated to one or several determined or determinable natural persons.
Data Controller: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the processing of the data.
Data Processor: A natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data on behalf of the Data Controller.
✓ Transfer: The transfer of data takes place when the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
✓ Transmission: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when the purpose of the processing is to be carried out by the processor on behalf of the controller.
✓ Privacy Notice: Verbal or written communication generated by the responsible party, addressed to the Data Subject for the processing of his/her personal data, by means of which he/she is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the processing that is intended to be given to the personal data.
3. Acceptance of the Corporate Manual of Policies and Procedures for the Processing of Personal Data
In accordance with article nine of the Statutory Law on Data Protection, any processing of personal data shall require prior authorization from the Data Subject. The owners, understand that whoever provides information considered as personal data, expressly accepts that these will be treated by TECH AND SOLVE S.A.S. as established in this document.
Cases in which authorization is NOT required, according to the rule
✓ Data of a public nature.
Information that is required by authorities in the exercise of their functions through administrative acts, court rulings or any other of a legal nature.
✓ Data related to the Civil Registry of persons.
✓ Cases of medical or health emergencies.
✓ Processing of information authorized by law for historical, statistical or scientific purposes.
Data of a public nature, i.e., data relating to the marital status of individuals, their profession or trade, and their status as merchants or public servants, among others. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and court rulings.
To whom can Personal Data be provided without Authorization of the Data Subject?
✓ To the Data Subjects, their heirs or Legal Representatives (parents or those with parental authority).
✓ To public or administrative entities in the exercise of their legal functions or by court order.
✓ To third parties authorized by the Holder or by law.
4. Responsible
The databases covered by this policy are the responsibility, under the terms of Law 1581 of 2012, of TECH AND SOLVE S.A.S., identified with NIT 900.224.316- 9, located at Carrera 43B # 16-41, Office 1407. Medellín, Antioquia (hereinafter “THE RESPONSIBLE PARTY”). E-mail: administrativo@techandsolve.com.
5. Purposes of Data Processing
The personal data of the owners collected and contained in our databases, will be treated for legitimate purposes, in compliance with the constitution and the law. The data will be used to meet any of the following purposes: Granting and management of permits, licenses and authorizations, management of sanctions, reprimands, warnings, calls for attention, exclusions, schedule control, personnel payroll management; temporary employment; payment of social benefits, administrative procedures, customer loyalty, brand activations, marketing, accounting, tax and administrative management of customers, collections and payments, billing, suppliers, making historical commercial relations, development of advertising and commercial prospecting, opinion polls, own advertising, market segmentation, promotion and employment management and selection of personnel; as well as the transmission of data to companies or natural persons with similar, related or complementary commercial activities; and any other activity related to the commercial activity of TECH AND SOLVE S.A.S.
The navigation systems and software necessary for the operation of our website collect personal data, the transmission of which is inherent to the operation of Internet systems.
It is possible that from the information collected it may be possible to identify users who use the web systems, although this data is not collected for that purpose. These data include the following:
✓ Domain name of the computer used to access the Web page.
✓ Parameters related to the user’s operating system.
✓ IP address.
✓ URL
✓ Date and time.
The aforementioned data is used only for the collection of anonymous statistical data, to generate usage and improvement parameters for the website.
6. Rights of the Holders
The holders of personal data, in accordance with articles 21 and 22 of Decree 1377 of 2013 and article 8 of LEPD, have certain rights that they can make use of in relation to the processing of their personal data, which may be exercised by:
o By the Data Subject, who must prove his identity sufficiently by the different means made available to him by the responsible.
o By their successors in title, who must prove their status as beneficiaries.
o By the representative and/or attorney-in-fact of the Holder, upon accreditation of the representation or power of attorney.
o By stipulation in favor of another and for another.
The rights of children or adolescents shall be exercised by the persons who are empowered to represent them.
The rights that holders have in relation to the processing of their personal data are:
A. Right of access or consultation: This is the right of the Data Subject to be informed by the data controller, upon request, regarding the origin, use and purpose of his personal data.
B. Complaints and claims rights: The Law distinguishes four types of complaints:
✓ Claim for correction: It is the Holder’s right to have any partial, inaccurate, incomplete, fractioned, misleading data updated, rectified or modified, or data whose processing is expressly prohibited or has not been authorized.
Claim for suppression: This is the right of the Data Subject to have data that is inadequate, excessive or that does not respect the constitutional and legal principles, rights and guarantees suppressed.
✓ Revocation claim: It is the right of the Data Subject to leave without effect the authorization previously provided for the processing of his/her personal data.
✓ Infringement Claim: It is the right of the Data Subject to request that the non-compliance with the Data Protection regulations be remedied.
C. Right to request proof of the authorization granted to the data controller: Except when expressly exempted as a requirement for the processing in accordance with the provisions of Article 10 of the LEPD.
D. Right to file before the Superintendence of Industry and Commerce complaints for infringements: The Data Subject or assignee may only raise this complaint once he/she has exhausted the consultation or complaint process before the data controller or data processor.
7. Contact of the Holders
The owners of the processed data may exercise their rights by sending an e-mail to administrativo@techandsolve.com.
8. Rights Exercises
8.1 Right of access or consultation
The holder may consult his personal data free of charge in the following cases.
Whenever there are substantial changes in TECH AND SOLVE S.A.S. data processing policies.
For consultations with a periodicity greater than that stated in the first paragraph of this article, THE RESPONSIBLE PARTY may charge the holder for the costs of sending, reproduction and, if applicable, certification of documents.
The right enunciated in this numeral may be exercised by the holder, by writing to TECH AND SOLVE S.A.S, identified with NIT 900.224.316-9 and located at Carrera 43B # 16-41 Office 1407, Medellín, Antioquia or by e-mail: administrativo@techandsolve.com, indicating in the Subject “Exercise of the right of access or consultation”. The application must contain the following information:
✓ Name and surname of the Holder.
✓ Photocopy of the Holder’s Citizenship Card and, if applicable, of the person representing the Holder, as well as the document accrediting such representation.
✓ Request in which the request for access or consultation is specified.
✓ Address for notifications, date and signature of the applicant.
*** If applicable, the documents that prove the consultation made.
By making it clear in the request, the information may be requested in any of the following modalities.
✓ On-screen display.
✓ In writing, with copy or photocopy sent by certified mail or not.
✓ Photocopy.
✓ E-mail or other electronic media.
Upon receipt of the request, TECH ADN SOLVE S.A.S will have a maximum period of ten (10) working days to resolve the request. In case it is not possible to resolve the request within the stated period, the applicant will be informed of the reason for this, and we will have a period of five (5) more working days, in accordance with Article 14 of the LEPD.
8.2 Right of complaints and claims
The owner of the personal data may exercise the right to make a complaint about his/her data by writing to TECH AND SOLVE S.A.S., identified with NIT 900.224.316-9 and located at Carrera 43B # 16-41 Office 1407, Medellín, Antioquia or by e-mail: administrativo@techandsolve.com, indicating “Complaints and Claims” in the subject line. The application must contain the following information:
✓ Name and surname of the Holder.
✓ Photocopy of the Holder’s Citizenship Card and, if applicable, of the person representing the Holder, as well as the document accrediting such representation.
✓ Description of the facts and request in which the request for correction, deletion, revocation or infringement is specified.
✓ Address for notifications, date and signature of the applicant.
✓ Documents accrediting the petition formulated that are to be asserted, when applicable.
If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, if the applicant does not submit the required information, it will be understood that the claim has been abandoned.
Once the completed claim has been received, a legend will be included in the database stating “claim in process” and the reason for the claim, within a term not exceeding two (2) business days. This legend shall be maintained until the claim is resolved.
TECH AND SOLVE S.A.S, will resolve the claim within a maximum period of fifteen (15) business days from the date of receipt thereof. When it is not possible to attend to the claim within said term, the interested party will be informed of the reasons for the delay and the date on which the claim will be attended to, which in no case may exceed eight (8) working days following the expiration of the first term. Once the complaint process has been exhausted, the Holder or assignee may file a complaint before the Superintendence of Industry and Commerce.
9. Security Policies
TECH AND SOLVE S.A.S in order to comply with the principle of security enshrined in Article 4 paragraph g) of the LEPD, has implemented technical, human and administrative measures necessary to ensure the security of records to prevent tampering, loss, consultation, use or unauthorized or fraudulent access.
On the other hand, by means of the subscription of the corresponding transmission contracts, we have required the personal data processors with whom we work to implement the necessary security measures to guarantee the security and confidentiality of the information in the processing of personal data.
10. International Data Transfer
In accordance with Title VIII of the LEPD, the transfer of data to countries that do not have the security conditions established in the aforementioned Law is expressly prohibited. When a country does not comply with the conditions established by the Superintendence of Industry and Commerce, it will be understood that the transfer of data to this country is prohibited. The conditions of the country to which the data is to be transferred may in no case be less than those established by the LEPD. The transfer of data to third countries is not prohibited when:
✓ You have given your express and unequivocal authorization for the transfer.
Exchange of medical data, when so required by the treatment of the Data Subject for reasons of public health or hygiene.
Bank or stock exchange transfers, in accordance with the applicable legislation.
Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
Transfers necessary for the performance of a contract between the Data Subject and the Data Controller, or for the performance of pre-contractual measures provided that the Data Subject’s authorization is obtained.
✓ Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial proceeding.
In cases where the exception is not contemplated, it will be the Superintendence of Industry and Commerce to announce the verdict on the possibility or prohibition of transferring data to third countries. The officer in charge shall be empowered to request the necessary information, as well as to carry out the necessary steps to determine the viability of the operation. Whenever there is a data transmission contract between TECH AND SOLVE S.A.S. and a data processor located outside the Colombian territory, the consent or authorization of the owner shall not be required. The data collected through TECH AND SOLVE S.A.S, may be used by its affiliates, subsidiaries, allies, branches, among others.
11. Validity
The databases subject to treatment by TECH AND SOLVE S.A.S., will be treated for the time required for the purpose for which these data are collected. When the purpose or purposes for which the data were collected have been fulfilled, without prejudice to the provisions of other legal regulations, TECH AND SOLVE S.A.S. will proceed to the total deletion of the data, unless there is any legal or contractual obligation to keep them under custody.
